Redefining the role of security professionals
Joe Bombagi, director, systems engineering at Palo Alto Networks, tells Capacity’s Jack Haddon how new-generation technologies are changing the game for security automation
Automation, artificial intelligence and machine learning are combining to completely redefine security professionals’ roles in protecting their networks.
Whereas before, skilled people were spending time manually configuring protocols and responding to repetitive, low-risk alerts, the combined powers of groundbreaking new technologies are turning them more into project managers.
Now, they spend their days fine-tuning automated tools that can do their repetitive work faster and more accurately.
Joe Bombagi, director of systems engineering at Palo Alto Networks, heads up a team that works on developing the cybersecurity leader’s SASE (secure access service edge) solution, which combines various forms of network and security into a single unified cloud-delivered platform, as opposed to a vast array of different distributed technologies.
“The new generation of security technology is allowing skilled people to concentrate more on behind-the-scenes, advanced projects, rather than working on mundane repetitive tasks,” Bombagi tells Capacity.
This all-in-one approach is helping drive the adoption of AI and automation in network security.
Looking back, Bombagi notes how traditional network security has always been perimeter-centric, with technology living on the edge of the network.
He says this made organisations heavily reliant on expert service providers and telcos to provide the correct underlying infrastructure, services, management and operations to bring the various different components of security together.
“Now we’re in a different era,” Bombagi says. “Vendors like Palo Alto have brought all of these components together with our next-generation platforms, so now the role of the service provider or telco is to help customers maximise their investment rather than stitch together different solutions.”
Naturally, there is a level of automation involved in bringing these different security components together into a single SASE platform.
But Bombagi thinks the real value in automation comes from the operation of the converged system.
“If every configuration, every policy and every check to make sure there are no gaps, mistakes or security risks is manual; you expose yourself of .”
“Why would you risk that when you can use a combination of artificial intelligence, machine learning, and all of the data sets that we've got available to automate as much of that process as possible?”
Simply put, you wouldn’t. According to Gartner’s 2022 roadmap for SASE convergence report, 85% of enterprises are expected to have begun the journey to adopting a SASE platform by 2025.
But this doesn’t mean immediately switching from a human-led approach to an AI-led approach.
“The reason mistakes tend to happen is because the things that go wrong are mundane tasks. Nobody wants to do them. A highly skilled person certainly doesn't want to do them,” Bombagi says.
“Where we do have the luxury of highly skilled people, why not use them for actual highly skilled tasks and monitor the routine, repetitive tasks that can be managed by AI?”
Key to handing off this responsibility is a trust in the reliability of the data sets that are being used to make decisions.
This is where Palo Alto Networks’ experience at the forefront of network security innovation comes into play.
Unifying different products onto the same cloud-based platform has allowed Palo Alto Networks to create a data lake informed by many different aspects of cybersecurity networking across their tens of thousands of customers.
Taking this crowdsourced approach transforms what is possible for security teams. “Where it would normally take days, weeks, or sometimes never to get the relevant information before you can action it, automation on this level can give you the information you need almost in real-time and you can take real action immediately.”
Bombagi speaks of clients that have only realised that they have breaches on adopting this technology and being informed by the automated alerts and data that are generated.
Ultimately, what this means for people in the real world is less time spent investigating what went wrong after a breach or attack, and more time working on prevention and acting on the information provided.
And never has there been a more critical time for highly skilled security professionals to be doing this.
While the rapid growth in the capabilities of technology over the last 5-10 years has unlocked massive benefits for organisations, that same technology is now available to bad actors as well. Therefore, the emphasis is even more on talent that can use and make the most of the technology to counteract the potential threats.
“In the past, bad actors needed to have specialised skillsets of their own, and to a degree this was easier to protect against. We had a larger scale of highly skilled, intelligent people creating technologies that could pre-empt and stay one step ahead of the bad guys.”
But with access to more sophisticated tools, these skillsets aren’t as necessary, and the best counter to bad actors changes as well.
“We’ve got to a point now where AI is used to fight against AI,” Bombagi summarises. It’s easier for an AI to pick up on and stop what another AI is doing, because similar patterns and protocols are used by each.
Thankfully, Palo Alto Networks is not dipping its toes into the machine learning or AI space for the first time. Its crowdsourced approach to using data and learning from what it collects has been around since it launched the first machine-learning-informed cloud-based malware detection platform, WildFire, almost a decade ago.
“We’ve been collecting this data and training our systems on it for many years, which means even if someone is doing something new and creative to attack the network, we can block, identify and respond to it.”
Ultimately, the convergence of technologies drives us towards an AI-led realm, where data-driven decisions unfold in real time. Breach prevention takes precedence over post-attack investigations, allowing skilled experts to be true sentinels of cybersecurity.
The landscape has shifted, the adversaries are formidable, yet armed with AI-driven tools, security professionals are sculpting a safer digital future.